Scamming got sophisticated

Last updated: 14 March 2016

Australia Post has warned people to be on the lookout for a new scam circulating via email which could leave their computers vulnerable to ransomware.

The email appears to originate from Australia Post and informs the recipient of a package that has supposedly arrived for them at a local Australia Post
store. The email then directs people to download and print the attached shipping information, which contains ransomware known as 'Locky'.

Once the ransomware is downloaded, users are prevented from accessing their files until a ransom fee has been paid, according to MailGuard, the IT security
company that reported the scam.

Sophisticated scamming

Mailguard has called this latest scam "highly innovative" as the scammers are sending personalised emails using information they've gathered from social
media sites.

"The email is directly addressed to the recipient, using their first, last name, location, job title and company name, all included within the email
content," MailGuard said on a website post about the hoax.

"By using highly advanced scraping software, cyber criminals are able to scan and acquire this information from readers' public profiles on social media
sites."

It's more likely recipients of an email would download an attachment if it contains personalised information about them.

Don't click the link

This is not the first time emails claiming to be from Australia Post have been used as part of an online scam. A spokesperson told CHOICE there are a number
of scams currently operating that involve Australia Post.

"Australia Post leaves a card in the letterbox if the customer is not at home to receive a parcel. We don't ask customers to click on a link before picking
up an item awaiting collection," the spokesperson said.

More information on email scams targeting Australia Post customers can be found on the Australia Post website.